OPNSense with Postfix Plugin as smarthost/relay

Started by norbo80, March 07, 2022, 03:47:11 PM

March 07, 2022, 03:47:11 PM Last Edit: March 07, 2022, 04:10:24 PM by norbo80
Hello OPNsense Users,

I would like to use OPNsense as a smarthost or relay for my internal network devices. All devices should send their mail to OPNsense, and OPNsense should send it out via a smarthost. I found the following topic:

https://forum.opnsense.org/index.php?topic=7538.0

but I have no idea how to configure this on OPNsense.

My config:

on client - set smtp_url = "smtp://user@domain.net@opnsenseIP:25"
on OPNsense:
Postfix - General:
- ListenPort:  25
- Smart Host - externalSMTPserverIP:465
- Authentication Username: user@domain.net
- Authentication Password: UserPW

I created a FW rule: allow host to FW on port 25.

I receive following error:
SMTP session failed: 502 5.5.1 Error: command not implemented

Many thanks for your help.


Depending on the external SMTP server you want to use authentication might be broken:
https://github.com/opnsense/plugins/issues/2830

But this is not your first and current issue - check the syntax for that smtp_url parameter in whatever your application is. Check the Postfix log for more info on that error. Once you have your local submission issue worked out, you might still hit the one above when Postfix tries to forward to your external server.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
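A check a practitioner would run at this point, as an added example written for this thread (not code from mutt, Postfix or the OPNsense Postfix plugin): speak ESMTP to the relay by hand and see which command draws the 502. The log lines posted later in the thread (`starttls=0/1`, `lost connection after STARTTLS`) show the client issuing STARTTLS and the session ending right there, and Postfix's smtpd answers STARTTLS with `502 5.5.1 Error: command not implemented` when TLS is not enabled on that listener. The scripted server replies below are constructed to mirror that log; `relay.example`, `client.example` and the helper names are assumptions.

```python
"""Walk the first SMTP steps a client takes against a relay and report where it fails.

Added example for this thread; not code from mutt, Postfix or the OPNsense plugin.
Greeting, EHLO and STARTTLS are plain ESMTP (RFC 5321, RFC 3207).  The replies in
tls_less_relay() are constructed to mirror the posted Postfix log; host names are
placeholders.
"""
import socket
from typing import Callable, Dict, List, Tuple


def read_reply(readline: Callable[[], str]) -> Tuple[int, List[str]]:
    """Read one SMTP reply; continuation lines carry '-' right after the 3-digit code."""
    lines: List[str] = []
    while True:
        raw = readline()
        if raw == "":
            raise ConnectionError("peer closed the connection")
        line = raw.rstrip("\r\n")
        if len(line) < 3 or not line[:3].isdigit():
            raise ValueError(f"malformed SMTP reply: {line!r}")
        lines.append(line)
        if len(line) == 3 or line[3] == " ":
            return int(line[:3]), lines


def probe(send: Callable[[str], None], readline: Callable[[], str],
          helo_name: str = "client.example", want_starttls: bool = True) -> dict:
    """Greeting -> EHLO -> (STARTTLS). Returns EHLO keywords and the first refused command.

    want_starttls=True sends STARTTLS even if EHLO did not advertise it, which is what
    the posted log shows the client doing (starttls=0/1, lost connection after STARTTLS).
    """
    out: dict = {"extensions": [], "failed_at": None, "reply": None}
    code, lines = read_reply(readline)
    if code != 220:
        out.update(failed_at="greeting", reply=lines[-1])
        return out
    send(f"EHLO {helo_name}\r\n")
    code, lines = read_reply(readline)
    if code != 250:
        out.update(failed_at="EHLO", reply=lines[-1])
        send("QUIT\r\n")
        return out
    # Keyword = first token after "250-" / "250 "; lines[0] is the server's own name.
    out["extensions"] = [l[4:].split(" ", 1)[0].upper() for l in lines[1:] if len(l) > 4]
    if want_starttls:
        send("STARTTLS\r\n")
        code, lines = read_reply(readline)
        if code != 220:
            out.update(failed_at="STARTTLS", reply=lines[-1])
            send("QUIT\r\n")
            return out
        out["starttls_accepted"] = True  # a TLS handshake must follow; the probe stops here
        return out
    send("QUIT\r\n")
    return out


def diagnose(result: dict) -> str:
    """One-line conclusion from a probe result."""
    if result["failed_at"] == "STARTTLS" and str(result["reply"]).startswith("502"):
        return ("STARTTLS refused with 502: TLS is not enabled on this listener "
                "(Postfix smtpd answers 502 5.5.1 to STARTTLS when smtpd TLS is off); "
                "give the relay a certificate or tell the client not to use STARTTLS")
    if result["failed_at"]:
        return f"session failed at {result['failed_at']}: {result['reply']}"
    if "AUTH" not in result["extensions"]:
        return "no AUTH advertised: the relay accepts mail only from mynetworks (or TLS client certs)"
    return "EHLO offers " + ", ".join(result["extensions"])


class FakeServer:
    """Scripted peer for offline use; replies are keyed by the command verb received."""

    def __init__(self, greeting: List[str], replies: Dict[str, List[str]]):
        self._queue = list(greeting)
        self._replies = replies
        self.received: List[str] = []

    def send(self, data: str) -> None:
        self.received.append(data.rstrip("\r\n"))
        verb = data.split()[0].upper()
        self._queue.extend(self._replies.get(verb, ["502 5.5.2 Error: command not recognized"]))

    def readline(self) -> str:
        return self._queue.pop(0) + "\r\n"


def tls_less_relay() -> FakeServer:
    """Constructed to match the posted log: EHLO accepted, STARTTLS not implemented, no AUTH."""
    return FakeServer(
        greeting=["220 relay.example ESMTP Postfix"],
        replies={"EHLO": ["250-relay.example", "250-PIPELINING", "250-SIZE 51200000",
                          "250-ENHANCEDSTATUSCODES", "250-8BITMIME", "250 CHUNKING"],
                 "STARTTLS": ["502 5.5.1 Error: command not implemented"],
                 "QUIT": ["221 2.0.0 Bye"]})


def probe_host(host: str, port: int = 25, want_starttls: bool = True, timeout: float = 10.0) -> dict:
    """Same probe against a live relay over plain TCP (no TLS handshake is attempted)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        rfile = sock.makefile("r", encoding="ascii", errors="replace", newline="\r\n")
        return probe(lambda s: sock.sendall(s.encode("ascii")), rfile.readline,
                     want_starttls=want_starttls)


if __name__ == "__main__":
    srv = tls_less_relay()  # on a real network: probe_host("192.168.10.1") instead
    r = probe(srv.send, srv.readline)
    print(r["failed_at"], r["reply"])
    print(diagnose(r))
```

Run it against the real relay with `probe_host("192.168.10.1")`; with `want_starttls=False` it shows what a client configured with `ssl_starttls=no` would see, which is the other half of the check: whether the relay advertises AUTH at all, or accepts mail purely because the client sits in `mynetworks`.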

March 08, 2022, 02:55:48 PM #3 Last Edit: March 08, 2022, 07:23:33 PM by norbo80
 
Quote from: mimugmail on March 08, 2022, 02:02:27 PM
Some more logs needed please
Thank you!

LOGs:

2022-03-08T14:53:37 Informational postfix/smtpd disconnect from unknown[192.168.100.10] ehlo=1 starttls=0/1 commands=1/2
2022-03-08T14:53:37 Informational postfix/smtpd lost connection after STARTTLS from unknown[192.168.100.10]
2022-03-08T14:53:37 Error postfix/smtpd OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
2022-03-08T14:53:37 Informational postfix/smtpd connect from unknown[192.168.100.10]


UPDATE: after I deactivated "Permit SASL Authenticated", that error no longer appears in the logs, but the problem still persists.

2022-03-08T15:00:03 Informational postfix/smtpd disconnect from unknown[192.168.100.10] ehlo=1 starttls=0/1 commands=1/2
2022-03-08T15:00:03 Informational postfix/smtpd lost connection after STARTTLS from unknown[192.168.100.10]
2022-03-08T15:00:03 Informational postfix/smtpd connect from unknown[192.168.100.10]
2022-03-08T14:59:55 Informational postfix/master daemon started -- version 3.5.12, configuration /usr/local/etc/postfix
2022-03-08T14:59:55 Informational postfix/postfix-script starting the Postfix mail system
2022-03-08T14:59:50 Informational postfix/master terminating on signal 15
2022-03-08T14:59:50 Informational postfix/postfix-script stopping the Postfix mail system


Quote from: pmhausen on March 08, 2022, 02:41:00 PM
Depending on the external SMTP server you want to use authentication might be broken:
https://github.com/opnsense/plugins/issues/2830

But this is not your first and current issue - check the syntax for that smtp_url parameter in whatever your application is. Check the postfix log for more info on that error. Once you have your local submit issue worked out, you might still hit the one above when postfix tries to forward to your external server.
client mutt config:

set smtp_url = "smtp://user@domain.net@192.168.10.1:25"

Mutt error:

SMTP session failed: 502 5.5.1 Error: command not implemented

Maybe I'm missing something in the Postfix config? Like I said, I changed only:
Trusted Networks,
Enable SMTP Authentication
Authentication Username
Authentication Password

Unfortunately it is still not working. I have now tried configuring mutt with a direct connection to the external mail server (without the OPNsense proxy):

set smtp_url = "smtp://login:Npassword@server:587/"
set from = "mail@server.net"
set ssl_force_tls = no   # do not require an encrypted connection
set ssl_starttls = no

and it works.

I have no idea anymore why it is not working with Postfix as smarthost.

my postfix config:

<postfix>
      <headerchecks version="1.0.0">
        <headerchecks/>
      </headerchecks>
      <recipient version="1.0.0">
        <recipients/>
      </recipient>
      <address version="1.0.0">
        <addresses/>
      </address>
      <antispam version="1.0.2">
        <enable_rspamd>0</enable_rspamd>
        <default_action>accept</default_action>
      </antispam>
      <domain version="1.0.1">
        <domains/>
      </domain>
      <sender version="1.0.0">
        <senders/>
      </sender>
      <general version="1.2.6">
        <enabled>1</enabled>
        <myhostname/>
        <mydomain/>
        <myorigin/>
        <inet_interfaces>all</inet_interfaces>
        <inet_port>25</inet_port>
        <ip_version>all</ip_version>
        <bind_address/>
        <bind_address6/>
        <mynetworks>127.0.0.0/8,[::ffff:127.0.0.0]/104,[::1]/128,192.168.100.0/24</mynetworks>
        <banner/>
        <message_size_limit>51200000</message_size_limit>
        <masquerade_domains/>
        <tls_server_compatibility>intermediate</tls_server_compatibility>
        <tls_client_compatibility>intermediate</tls_client_compatibility>
        <tlswrappermode>0</tlswrappermode>
        <certificate/>
        <ca/>
        <smtpclient_security>may</smtpclient_security>
        <relayhost>server:587</relayhost>
        <smtpauth_enabled>1</smtpauth_enabled>
        <smtpauth_user>login</smtpauth_user>
        <smtpauth_password>password</smtpauth_password>
        <enforce_recipient_check>0</enforce_recipient_check>
        <extensive_helo_restrictions>0</extensive_helo_restrictions>
        <extensive_sender_restrictions>0</extensive_sender_restrictions>
        <reject_unknown_client_hostname>0</reject_unknown_client_hostname>
        <reject_non_fqdn_helo_hostname>0</reject_non_fqdn_helo_hostname>
        <reject_invalid_helo_hostname>0</reject_invalid_helo_hostname>
        <reject_unknown_helo_hostname>0</reject_unknown_helo_hostname>
        <reject_unauth_pipelining>1</reject_unauth_pipelining>
        <reject_unknown_sender_domain>0</reject_unknown_sender_domain>
        <reject_unknown_recipient_domain>0</reject_unknown_recipient_domain>
        <reject_non_fqdn_sender>0</reject_non_fqdn_sender>
        <reject_non_fqdn_recipient>0</reject_non_fqdn_recipient>
        <permit_sasl_authenticated>0</permit_sasl_authenticated>
        <permit_tls_clientcerts>1</permit_tls_clientcerts>
        <permit_mynetworks>1</permit_mynetworks>
        <reject_unauth_destination>1</reject_unauth_destination>
        <reject_unverified_recipient>0</reject_unverified_recipient>
        <delay_warning_time>0</delay_warning_time>
      </general>
      <recipientbcc version="1.0.0">
        <recipientbccs/>
      </recipientbcc>
      <senderbcc version="1.0.0">
        <senderbccs/>
      </senderbcc>
      <sendercanonical version="1.0.0">
        <sendercanonicals/>
      </sendercanonical>
    </postfix>


@mimugmail @pmhausen I will be grateful for any help
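The second hop, relay to smarthost, as an added example: a plain-Postfix `main.cf` equivalent of the relay settings in the posted XML, written for this thread and not taken from the plugin's templates (the plugin renders `main.cf` itself; the XML fields `relayhost`, `smtpauth_user`/`smtpauth_password`, `smtpclient_security` and `tlswrappermode` correspond to the Postfix parameters `relayhost`, `smtp_sasl_password_maps`, `smtp_tls_security_level` and `smtp_tls_wrappermode`). Host names, certificate paths and the CA bundle location are placeholders. The weak settings from the posted config are shown beside hardened ones.

```ini
# Added example for this thread (not the plugin's generated main.cf).
# FreeBSD/OPNsense keeps Postfix config under /usr/local/etc/postfix; all
# paths and host names below are placeholders.

# --- inbound side: the port-25 listener the LAN clients talk to ---
inet_interfaces = all
mynetworks = 127.0.0.0/8, [::1]/128, 192.168.100.0/24
# permit_mynetworks + reject_unauth_destination is what makes this a relay
# for the LAN only (matches permit_mynetworks=1 / reject_unauth_destination=1).
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination
# Posted config has <certificate/> empty: with no server certificate smtpd
# cannot enable TLS and replies "502 5.5.1 Error: command not implemented"
# to a client that sends STARTTLS anyway.  Either keep TLS off AND set
# ssl_starttls=no in the client, or enable it:
smtpd_tls_security_level = may
smtpd_tls_cert_file = /usr/local/etc/ssl/relay.crt
smtpd_tls_key_file  = /usr/local/etc/ssl/relay.key

# --- outbound side: the "Smart Host" hop ---
# Brackets suppress the MX lookup; 587 is submission with STARTTLS.
relayhost = [smtp.example.net]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd
# Posted config: smtpclient_security "may" = opportunistic TLS.  If the TLS
# handshake fails Postfix falls back to cleartext and, with only
# "noanonymous", would send the PLAIN/LOGIN password unencrypted.  Hardened:
smtp_tls_security_level = encrypt
smtp_tls_CAfile = /usr/local/share/certs/ca-root-nss.crt
smtp_sasl_security_options = noanonymous, noplaintext
smtp_sasl_tls_security_options = noanonymous
# For a smarthost on 465 (implicit TLS, as in the first post) use instead:
# relayhost = [smtp.example.net]:465
# smtp_tls_wrappermode = yes

# /usr/local/etc/postfix/sasl_passwd  (one line; key must match relayhost exactly)
#   [smtp.example.net]:587  user@domain.net:UserPW
# then: postmap hash:/usr/local/etc/postfix/sasl_passwd
#       chmod 600 /usr/local/etc/postfix/sasl_passwd*
```

The `noplaintext` / `smtp_sasl_tls_security_options` pair is the belt to `encrypt`'s braces: even if someone later relaxes `smtp_tls_security_level` back to `may`, Postfix will refuse to send a cleartext password over an unencrypted session rather than silently degrading. Verify the outbound hop with `postqueue -p` and the `postfix/smtp` log lines after sending a test message; a failed SASL exchange shows up there as a 535 from the smarthost, which is the class of problem the linked plugin issue is about.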